You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by Neil Buesing <bu...@gmail.com> on 2023/04/19 11:45:05 UTC

KafkaPrincipal, oauth, & JWT

I am exploring how to get roles defined via oauth authentication to be
passed with the KafkaPrincipal (generated by the
DefaultKafkaPrincipalBuilder) so it can be used by authorization.

I know the PrincipalBuilder can be replaced with a custom implementation
along with an alternative KafkaPrincipal implementation, but I was hoping
with the standardization of OAUTH within Kafka for handling the JWT.

In searching email archives and KIPs I do not see anything about this;
curious if there are any thoughts on this? The downside, I do not see how
to leverage JWT attributes in a generic way, so a custom Authorizer would
still be necessary.

Thanks,

Neil